From 291bddcf4c3b75f8e04a165cc45bdc367d206d6b Mon Sep 17 00:00:00 2001
From: Gabriel Valcazar <gabriel.valcazar@digi.com>
Date: Mon, 19 Jan 2026 15:08:17 +0100
Subject: [PATCH] swupdate: explicitly enable SIGALG_RAWRSA when signed images
 are enabled

In previous versions of swupdate, only one SIGALG_* option could be chosen at
build-time, with SIGALG_RAWRSA being the default option. However, in 2025.12,
multiple SIGALG_* options can now be configured at build-time, allowing users
to choose the signature verification algorithm used at runtime via the
"digest-provider" parameter. We weren't explicitly setting any of these
algorithms in our defconfig, so the resulting builds didn't have any digest
providers, causing swupdate to fail early on when signed images are enabled.

To restore the behavior of previous swupdate versions, explicitly enable
SIGALG_RAWRSA when signed images are enabled. Since we only enable one digest
provider, it will be chosen automatically, without having to explicitly set the
"digest-provider" parameter at runtime.

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
---
 .../recipes-support/swupdate/swupdate/signed_images.cfg          | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-digi-dey/recipes-support/swupdate/swupdate/signed_images.cfg b/meta-digi-dey/recipes-support/swupdate/swupdate/signed_images.cfg
index a6f0b2c59..be5a05f1d 100644
--- a/meta-digi-dey/recipes-support/swupdate/swupdate/signed_images.cfg
+++ b/meta-digi-dey/recipes-support/swupdate/swupdate/signed_images.cfg
@@ -1,2 +1,3 @@
 # Add SIGNED_IMAGES support
 CONFIG_SIGNED_IMAGES=y
+CONFIG_SIGALG_RAWRSA=y